Cardholders Being Told of Security Breach at Retailer
Data apparently stolen from popular clothing retailer Polo Ralph Lauren Corp. is forcing banks and credit card issuers to notify thousands of consumers that their credit card information may have been exposed.
HSBC North America, a division of London-based HSBC Holdings, confirmed Thursday that it had begun notifying holders of the HSBC-issued, General Motors Corp.-branded MasterCard that criminals might have obtained access to their credit card information and that the cards should be replaced.
HSBC spokesman Stephen E. Cohen said Thursday that “we began doing it last week, and we are continuing.” He said about 180,000 holders of GM-branded cards were affected.
Neither Cohen nor spokesmen for MasterCard International would identify the retailer by name.
The security breach was reported Thursday in the Wall Street Journal, which quoted “people with knowledge of the matter” as saying the data was stolen at Polo Ralph Lauren.
A spokeswoman at New York-based Polo Ralph Lauren said “we have no comment at the moment” on the report.
Polo Ralph Lauren shares Thursday fell $1.28, or 3%, to $37.18 on the New York Stock Exchange.
It was unclear what other cards might be at risk, but both Visa USA and MasterCard -- the nation’s largest credit card associations -- were reported to be dealing with Polo Ralph Lauren on the matter.
MasterCard said in a statement that it was informed of a possible security breach “of transaction data associated with a U.S.-based retailer” in January 2005 and had launched an investigation immediately.
“Investigations into this incident by MasterCard, law enforcement and other parties are ongoing,” the statement said.
Visa USA issued a similar statement, saying it was notified “by a U.S. merchant” of a possible data security breach.
In response to a reporter’s query, Citigroup Inc. confirmed that was “notifying some customers who we think may be at risk.”
HSBC’s Cohen said the bank did not yet know whether the thieves had used any of the data.
